1. Problem Background 2. BranchCache Solution Modes 3. Protocols and Workloads 4. Deployment and Management 5. Deep Dives 6. Q&A
Problem Background
Thin, expensive WAN links between main office and branch offices
BranchCache Solution Modes
[Diagram: Data, ID, Search; Distributed Cache and Hosted Cache; Enterprise]
Distributed Cache: data cached amongst clients
Hosted Cache: data cached at hosted cache server
Protocols and Workloads
Office SMB CopyFile 3rd Party Applications Explorer SharePoint BranchCache™ Office HTTP BITS WMP IE
Goals Integration Support for Configuration Manager (and WSUS) clients available on Windows Vista, Windows Server 2008 R2
Goals Integration Support available on Windows 7 and Windows Server 2008 R2
Goals Integration Support available for Windows 7 and Windows 2008 R2
Goals Integration Available on Windows 7 and Windows Server 2008 R2
Scenarios requiring end-to-end secure, encrypted transports “just work” with BranchCache. As a result, DirectAccess, IPsec scenarios (such as Server/Domain Isolation) and even point-to-point VPNs automatically work.
[Diagram: client stack (IE, HTTP, SSL, Sockets, IPsec) and server stack (IIS, HTTP, SSL, Sockets, IPsec), with BranchCache on each side. Data is in clear between the application, HTTP and SSL layers, and encrypted from SSL down through Sockets and IPsec.]
Deployment and Management
Use Group Policy to enable Windows BranchCache on Windows 7 clients
Install the optional “Windows BranchCache” component on a Windows 2008 R2 web or file server
[Diagram: IIS, File Server, Group Policy Management, Hosted Cache]
Optionally, install a hosted cache in your branch. Configure clients to use it with Group Policy
HTTP server (IIS): install the BranchCache feature from Server Manager
SMB server (File server): install the BranchCache role service feature within the file server role using Server Manager
Distributed Cache Implementation
  Identify the “branch”
  Choose how to deploy
  Deploy to clients
Hosted Cache Implementation
  Set up the Hosted Cache
  Identify branch
  Choose how to deploy
  Deploy to clients
Event logs: Operational logs & Audit logs
Perfmon counters: Client, hosted cache and Content Server
netsh: for querying the infrastructure for potential problems (cache size too small, firewall issues, certificate problems etc.)
MOM pack: for rolling all the information up
With Group Policy and netsh you can:
  Enable / disable Distributed Cache
  Enable / disable Hosted Cache
  Set the cache size
  Set the location of the Hosted Cache
  Clear the cache
  Create and replicate a shared key for use in a server cluster
  And more …
Works in domains and workgroups
Deep Dives
Hashes: returned by server
Blocks: unit of download
Segments: unit of discovery
Content: segment hashes, block hashes
Up to ~2000x data reduction
[Diagram: content divided into segments S1, S2, S3, each made up of blocks B1, B2, … Bn]
[Diagram: HTTP data flow. IE opens a URL through wininet; a “Branch Cache Capable” request reaches IIS / http.sys; data and hash lists pass between wininet, BranchCache and the server.]
[Diagram: Get data. BranchCache exchanges a hash list (H1, H2, H3, H4, H5) for data.]
[Diagram: SMB data flow. Client side: application (ReadFile, prefetch file), CSC driver, CSC service, CSC cache, BranchCache, SMB client driver (request hashes, hash list). Server side: SMB server driver (access hashes), SMB Hash Generation Service and HashGen utility (generate or update hash, save hashes).]
Encryption key: Ke = Kp
Segment secret: Kp = Hash(HoD, Ks)
Segment hash of data: HoD = Hash(Blockhashes)
Block hashes: Hash(block)
Blocks: B1, B2, … Bn
Segment Id (client): Hash(Kp, HoD + K)
Server secret key (server): Ks
Client requests data from the server, and indicates BranchCache capability
Server authorizes the client
Server retrieves content identifiers (block hashes, segment hashes, segment secrets) for the data
Server sends content identifiers on same channel as data
Client computes a segment ID
Broadcasts on the local network
Serving clients receive the broadcast
Decrypt the segment hash from the segment discovery key
Respond with data availability
Client requests blocks from the serving client
Serving client computes encryption key from the segment secret
Serving client encrypts each block with the encryption key
Client receives the data
Decrypts the data
Validates block data against the block hash
If valid, returns to application
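Added example, not from the original slides: the key hierarchy and the client-side block validation step above, written out in Python. SHA-256 for Hash(...), HMAC-SHA-256 for the two-argument Hash(key, data), the 8-byte block size, the value of the constant K and all sample data are assumptions made for the demo; block encryption under Ke is left out.

```python
import hashlib
import hmac

BLOCK_SIZE = 8                 # constructed demo value, not the real block size
K = b"EXAMPLE-CONSTANT-K"      # placeholder for the constant K on the slide

def h(data: bytes) -> bytes:
    """Hash(...) from the slide; SHA-256 is assumed here."""
    return hashlib.sha256(data).digest()

def keyed(key: bytes, data: bytes) -> bytes:
    """Two-argument Hash(key, data) from the slide; HMAC-SHA-256 is assumed."""
    return hmac.new(key, data, hashlib.sha256).digest()

def content_identifiers(segment: bytes, ks: bytes) -> dict:
    """Server side: identifiers sent to an authorized client with the data."""
    blocks = [segment[i:i + BLOCK_SIZE] for i in range(0, len(segment), BLOCK_SIZE)]
    block_hashes = [h(b) for b in blocks]
    hod = h(b"".join(block_hashes))      # HoD = Hash(Blockhashes)
    kp = keyed(ks, hod)                  # Kp = Hash(HoD, Ks); Ke = Kp
    return {"block_hashes": block_hashes, "hod": hod, "kp": kp}

def segment_id(ids: dict) -> bytes:
    """Client side: the value broadcast on the local network."""
    return keyed(ids["kp"], ids["hod"] + K)   # Hash(Kp, HoD + K)

def invalid_blocks(ids: dict, received: list) -> list:
    """Client side: indices of peer-supplied blocks failing the block-hash check."""
    if h(b"".join(ids["block_hashes"])) != ids["hod"]:
        raise ValueError("block hash list does not match segment hash")
    bad = []
    for i, expected in enumerate(ids["block_hashes"]):
        got = h(received[i]) if i < len(received) else b""   # missing block fails
        if not hmac.compare_digest(got, expected):
            bad.append(i)
    return bad

# Constructed sample data: one 24-byte segment and a made-up server secret.
SEGMENT = b"quarterly-report-v1.docx"
IDS = content_identifiers(SEGMENT, ks=b"server-A-secret")
PEER_BLOCKS = [SEGMENT[0:8], b"TAMPERED", SEGMENT[16:24]]

if __name__ == "__main__":
    print("segment id:", segment_id(IDS).hex())
    print("rejected blocks:", invalid_blocks(IDS, PEER_BLOCKS))
```

Because Kp depends on Ks, the same content served under a different server secret produces a different segment ID and encryption key, even though HoD is identical.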
Clients
  Cache only contains content requested by the client
  Data in cache ACL’d so that it is only accessible if authorized by the server
  If data leakage is a concern, then use BitLocker or EFS
Hosted Cache
  Cache contains content requested by all branch clients
  Use BitLocker or EFS to encrypt cache as necessary
  All data can be purged from the cache using netsh
Cisco Wide Area Application Services (WAAS)
Comprehensive WAN optimization solution that accelerates applications over the WAN, delivers video to the branch office, and provides local hosting of branch office IT services
Citrix Branch Repeater
Branch optimization solution that accelerates application delivery to globally distributed users while dramatically reducing bandwidth costs and simplifying branch infrastructure
Riverbed Steelhead Appliances
Solution that enables distributed organizations to accelerate applications by up to 100x over the WAN, and reduce WAN traffic by up to 95 percent.
Q&A